我尝试通过skydns连接到etcd apiserver proxy服务器,并使用此文档http://kubernetes.io/docs/user-guide/accessing-the-cluster/#manually-constructing-apiserver-proxy-urls并使用命令
curl --cacert /etc/kubernetes/certs/ca.crt --header"授权: 持票人J9bAdaBGyQUEESCz7k412afmpskoHig7" -sS --cert /etc/pki/etcd/etcd-dns.crt --key /etc/pki/etcd/etcd-dns.key https://95.164.68.160:6443/api/v1/proxy/namespaces/2701e09a-b9f7-4b77-b4ad-8438a974ddfe/services/service-f1g5a:2379/v2/keys
但有错误
错误:'拨打tcp 10.254.63.2:2379:i / o超时'
尝试联系:' http://10.254.63.2:2379/v2/keys'
它似乎尝试连接到http而不是https
doc说,那个
目标代理可以使用代理选择的HTTP或HTTPS 可用信息
它使用了什么信息?如何强制使用https?
答案 0 :(得分:3)
您可以在服务名称前加上“https:” 识别以下格式:
# Proxies to the first port in the service, using http
https://<master>/api/v1/namespaces/myns/services/myservice/proxy/...
# Proxies to the specified port in the service, using http
https://<master>/api/v1/namespaces/myns/services/myservice:myport/proxy/...
# Proxies to the specified port, using https
https://<master>/api/v1/namespaces/myns/services/https:myservice:myport/proxy/...